OAuth2 | TsgcHTTP_OAuth2_Server_Provider

This component allows to integrate External OAuth2 Providers (like Azure AD, Google, Facebook...) in your server component (like an HTP server), so an user can login using the Azure AD credentials and if the authentication is successful, the HTTP server can provide access to protected resources.

 

The server components have a property called Authorization.OAuth.OAuth2Provider where you can assign an instance of TsgcHTTP_OAuth2_Server_Provider, so if Authentication is enabled and OAuh2Provider property is attached to OAuth2 Provider Server Component, the WebSocket and HTTP Requests require a Cookie / Bearer Token to be processed, if not the connection will be closed automatically.

OAuth2Provider := TsgcHTTP_OAuth2_Server_Provider.Create(nil);
Server.Authentication.Enabled := True;
Server.Authentication.OAuth.OAuth2Provider := OAuth2Provider;

 

 

Register OAuth2 Provider

Before the server is started, you must configure the OAuth2 Providers that the server will use to authenticate. Use the method RegisterProvider to configure the OAuth2 Providers, this method has the following parameters:

 

• Name: is the name of the provider, it can be any name, is just to identify the provider later.
• ClientId: is the public client Id, this value is provided by the OAuth2 Provider.
• ClientSecret: is the private client secret (must be keep confidential), this value is provided by the OAuth2 Provider.
• AuthorizeURL: is the URL where the OAuth2 client will redirect to login (the connection is using a web browser).
• TokenURL: is the URL the server will use to validate the token provided after a successful authorization (the connection is server to server).
• Scope: is the value of the scope/s.
• URL: is the URL of the HTTP Server that will be used to redirect to the Authorization URL.
• CallbackURL: is the URL configured in the OAuth2 Provider that will process the response sent from the OAuth2 server after a successful Authorization.

 

Example: to configure Azure AD, it requires a tenant-id which is added to the OAuth2 URLs, ClientId, ClientSecret, Scope and a CallbackURL.

 

  RegisterProvider(
    'azure',
    '90945b8d-f6b7-4b97-b2bd-21c3c90b5f3x',
    'PN67Q~5m06c-~X_GMyMf9zMntmm5l2dt~3jVq',
    'https://login.microsoftonline.com/a0ca2055-5dd1-467f-bf13-291f6fd715c6/oauth2/v2.0/authorize',
    'https://login.microsoftonline.com/a0ca2055-5dd1-467f-bf13-291f6fd715c6/oauth2/v2.0/token',
    'user.read',
    '/login',
    'https://localhost/callback'
    );

 

To delete an existing Provider, use the method UnRegisterProvider.

Properties

The following properties can be configured in the OAuth2Options property.

 

• HTTPClientOptions: when the server receives the response from the OAuth2 provider after a successful authorization, uses a connection from the HTTP server to the OAuth2 provider to validate the code received is valid. This connection can be configured using this property.
• Cookies: when the server receives a successful Token Access, if this property is enabled, a server cookie is created to store a public ID that it's linked to the private Token Access. Here you can configure the cookies values.

 

Most common uses

• QuickStart
  • OAuth2 Provider Azure AD

 

• Authenticate
  • OAuth2 Provider Private Endpoints
  • OAuth2 Provider Authentication
  • OAuth2 Provider Requests